Clicking on one of these links takes you to the Twtfaster website, which asks you to enter your Twitter username and password.

Of course, regular readers of the Clu-blog know that it’s never a good idea to hand over your login credentials to a third party, and that’s the case with this site too. Curiously, when I entered bogus information on the above screen it didn’t display an error message – suggesting that it might be created simply to scoop up users’ login details. Hmm.. that smells worryingly like a phishing attack to me.

Further investigation finds some small print on the Twtfaster website that suggests that they plan to use your account to advertise their service – but I wonder how many people would read that before eagerly signing up for more followers?

One piece of good news is that TinyURL appears to be currently blocking links used in the campaign, but of course that’s not going to stop the people behind this latest outbreak from using alternative URL shortening services.

So, if you’ve found out that your Twitter account has been sending messages advertising how to get more followers, I would recommend that you change your password immediately. And next time a third-party website asks you to hand over your username and password for Twitter, steer well clear.

It is possible that the accounts that are spamming out the adverts for Twtfaster have not signed-up for the site themselves, but have been compromised in some other way. Even so, that’s still a good reason to change your Twitter password. If you need help choosing a memorable, hard-to-crack password you should watch the video I made on the subject.

As I’ve discussed before, you should always exercise extreme caution before signing-up for a service which offers to increase your Twitter following.

Unfortunately, as the popularity of Twitter grows and the desire for more followers deepens we can expect more and more users to fall for scams like this.

Post navigation

About the author

Graham Cluley runs his own award-winning computer security blog at https://www.grahamcluley.com, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley